Configure the Policy Server to Use Novell eDirectory as a Policy Store

In SiteMinder 6.x, you can configure the Policy Server to use a Novell eDirectory residing on a UNIX, Windows, or NetWare system as a policy store or user directory. To use eDirectory as a policy store or user directory, the Novell eDirectory schema must be extended to include SiteMinder 6.x objects.

Before you begin, be sure that you have the following installed:

Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with Administrator permissions. Open the command line window this way, even if your account has Administrator privileges. For more information, see the release notes for your SiteMinder component.

To configure Policy Store Data in a Novell eDirectory

  1. From the Novell Client, navigate to the Novell directory where SiteMinder is installed:

    Windows: siteminder_home\novell

    UNIX: siteminder_home/novell

    siteminder_home

    Specifies the Policy Server installation path.

    This directory contains the Novell policy store schema file (Novell_Add_SM60.ldif).

  2. Find the DN of the NCPServer for your Novell Server by entering the following in a command window on the Policy Server host system:
    ldapsearch -h host -p port_number -b container -s sub -D admin_login -w password objectClass=ncpServer dn
    

    Example: ldapsearch -h 192.168.1.47 -p 389 -b "o=nwqa47container" -s sub -D "cn=admin,o=nwqa47container" -w password objectclass=ncpServer dn

  3. Manually edit the Novell_Add_SM60.ldif file by replacing every <NCPServer> variable with the value you found in the previous step.

    Example: if your sample DN value is cn=servername,o=servercontainer, you would replace every instance of <NCPServer> with cn=servername,o=servercontainer.

  4. From the Policy Server host system, open the Policy Server Management Console and select the Data tab to bring it to the front.

    Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the release notes for your SiteMinder component.

  5. Point the Policy Server at the directory by doing the following:
    1. Select Policy Store from the Database list.
    2. Select LDAP from the Storage list.
    3. Configure the fields for the LDAP policy store under LDAP Policy Store. The following are sample values:

      LDAP IP Address: 123.123.12.12:3500

      Root DN: o=test

      Note: Novell eDirectory has a 256 character limit in the DN. The longest root DN that the SiteMinder policy store can have is 256 characters.

      Admin Username: cn=admin,ou=people,o=test

      Password: <masked password>

      Note: For more information about the LDAP settings, see the Policy Server Management guide for a complete description of the LDAP settings.

    4. Click Apply.
    5. Click Test LDAP Connection.

    If the connection is successful, SiteMinder returns a confirmation. If the connection is not successful, SiteMinder returns an error message. If you receive an error message, verify that the values you entered are correct and that the directory is running.

    Note: Once you have a successful connection, you can modify the Novell eDirectory policy store from the Policy Server host system.

  6. Update the LDAP directory server with the Novell_Add_SM60.ldif file by doing the following:
    1. Open up a command prompt window.
    2. Navigate to the /siteminder/novell directory.
    3. Enter the command:
      smldapsetup ldmod -v -fNovell_Add_SM60.ldif
      

      Important! For Novell, you do not need to run smldapsetup ldgen as you do for other LDAP directory servers such as Sun Java System Directory Server Enterprise Edition and Active Directory.

  7. Change the SiteMinder super user password by completing the following steps:
    1. Copy the smreg utility (smreg.exe) from the Policy Server installation kit to siteminder_home\bin.
    2. Execute the following command:
      smreg -su super_user_password
      
      super_user_password

      Specifies the password for the SiteMinder super user account.

      Note: Be sure that there is a space between -su and the password.

    3. Delete smreg.exe.

      Deleting smreg.exe prevents someone from changing the super user password without knowing the previous one.

  8. From siteminder_home/bin, import the basic SiteMinder objects required to set up a policy store by running:
    smobjimport -isiteminder_home\db\smdif\smpolicy.smdif -dSM_super_user_name -wsuper_user_password -v
    
    siteminder_home

    Specifies the Policy Server installation path.

    smpolicy.smdif

    Specifies the name of the file containing the default policy store objects that are imported into the policy store.

    Note: When manually configuring a policy store on Windows, you can import one of the following:

    The file named smpolicy-secure provides additional security through enhanced default Web Agent configuration parameters.

    SM_super_user_name

    Specifies the name of the SiteMinder super user administrator.

    super_user_password

    Specifies the password for the SiteMinder super user.

    Note: If an argument contains spaces, use double quotes around the entire argument.

    Windows example: smobjimport -i"C:\Program Files\Netegrity\siteminder\db\smdif\smpolicy.smdif" -d"SM Admin" -wPassword -v

    UNIX example: smobjimport -i$NETE_PS_ROOT/db/smdif/smpolicy.smdif -d"SM Admin" -wPassword -v

    -v

    Outputs error, warning, and comment messages in verbose format so you can monitor the status of the import.

    Be aware of the following:

  9. Refresh the LDAP server to update Novell eDirectory by completing the following:
    1. From the Novell Client, open ConsoleOne.
    2. Double-click LDAP server from the directory tree.
    3. Click the Refresh NLDAP Server Now button.
  10. Stop and start the Policy Server service by doing the following:
    1. Start the Policy Server Management Console.

      Important! If you are accessing this graphical user interface on Windows Server 2008, open the shortcut with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the release notes for your SiteMinder component.

    2. Under the Status tab, click Stop.

      The stoplight icon changes from green to red.

    3. Click Start to restart the service.
    4. Click OK to exit the Policy Server Management Console.

    For UNIX systems, enter the commands stop-all followed by start-all.

    The policy store is configured and you can log into the Policy Server User Interface.
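
Steps 2 and 3 can be scripted so that the NCPServer DN reaches the schema file without hand editing, and so that an ambiguous search result or a leftover placeholder stops the procedure before smldapsetup runs. The following shell functions are an added example, not part of the SiteMinder documentation or tooling; the function names, the sample search output, and the two-line stand-in for Novell_Add_SM60.ldif are constructed for illustration.

```shell
#!/bin/sh
# Added example for steps 2-3; function names and sample data are assumptions.

# Print the single ncpServer DN found in ldapsearch LDIF output read from stdin.
# Fails on zero or several matches, or on a base64-encoded DN ("dn::").
extract_ncp_dn() {
    # Drop CRs (Windows) and unfold LDIF lines continued with a leading space.
    unfolded=$(tr -d '\r' | awk '/^ /{buf = buf substr($0, 2); next}
        {if (NR > 1) print buf; buf = $0}
        END {if (NR > 0) print buf}')
    if printf '%s\n' "$unfolded" | grep -q '^dn::'; then
        echo "base64-encoded DN: decode it before use" >&2; return 1
    fi
    dns=$(printf '%s\n' "$unfolded" | sed -n 's/^dn: *//p')
    count=$(printf '%s\n' "$dns" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly 1 ncpServer entry, found $count" >&2; return 1
    fi
    printf '%s\n' "$dns"
}

# Write a copy of template $2 to $3 with every <NCPServer> replaced by DN $1.
fill_ncpserver() {
    dn=$1; template=$2; out=$3
    grep -q '<NCPServer>' "$template" || {
        echo "no <NCPServer> placeholder in $template" >&2; return 1; }
    # Escape what is special in a sed replacement: \, & and the | delimiter.
    esc=$(printf '%s\n' "$dn" | sed 's/[\\&|]/\\&/g')
    sed "s|<NCPServer>|$esc|g" "$template" > "$out" || return 1
    # Never pass a half-edited schema file on to smldapsetup.
    if grep -q '<NCPServer>' "$out"; then
        echo "placeholders remain in $out" >&2; return 1
    fi
}

# Constructed step-2 output (DN folded over two lines) and a constructed
# two-line stand-in for the schema file; neither is real product data.
sample_search_output() { printf 'dn: cn=servername,\n o=servercontainer\n\n'; }
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'dn: <NCPServer>\ndescription: host is <NCPServer>\n' > "$tmp/in.ldif"
    dn=$(sample_search_output | extract_ncp_dn) &&
        fill_ncpserver "$dn" "$tmp/in.ldif" "$tmp/out.ldif" && cat "$tmp/out.ldif"
    status=$?; rm -rf "$tmp"; return $status
}
demo
```

In practice, pipe the ldapsearch command from step 2 into extract_ncp_dn and pass Novell_Add_SM60.ldif as the template, writing to a separate output file so the original can be diffed against the result.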

More Information:

smldapsetup

Import Policy Data Using smobjimport

Change the SiteMinder Super User Password Using smreg

Run the Policy Server Configuration Wizard